#!/bin/bash
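# Print the local ports on which a given process is listening.
# Arguments: $1 - numeric PID of the process to look up
# Outputs:   one port number per line on stdout, sorted and de-duplicated
# Returns:   1 if the PID argument is missing or not numeric; otherwise the
#            exit status of the netstat | awk | sort pipeline
# Note: netstat only shows the owning PID for sockets the caller is allowed
# to inspect, so run this with sufficient privileges or the result may be empty.
function get_listening_ports() {
    local pid=${1:-}
    # An empty or non-numeric PID would otherwise select unrelated sockets.
    if [[ ! $pid =~ ^[0-9]+$ ]]; then
        printf 'get_listening_ports: PID must be numeric, got "%s"\n' "$pid" >&2
        return 1
    fi
    # With -e, netstat inserts User and Inode columns, and UDP rows have an
    # empty State column, so the "PID/Program name" column has no fixed field
    # index. Locate the first "<digits>/" field and compare its PID exactly,
    # rather than regex-matching a fixed column (which matched UIDs/inodes and
    # let PID 12 match 123).
    netstat -tulnep | awk -v pid="$pid" '
        {
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^[0-9]+\//) {
                    split($i, owner, "/")
                    if (owner[1] == pid) {
                        # The port is the last ":"-separated piece; this also
                        # handles IPv6 addresses such as ":::8080".
                        n = split($4, addr, ":")
                        print addr[n]
                    }
                    break
                }
            }
        }' | sort -u
}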

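# Capture traffic on every port a process is listening on, for a fixed window.
# Arguments:
#   $1 - tmp_folder: existing directory that receives capture_<port>.pcap
#   $2 - process_id: numeric PID whose listening ports are captured
#   $3 - optional capture duration in seconds (default 120)
# Outputs:   progress messages on stdout, diagnostics on stderr; tcpdump's own
#            output is appended to capture_<port>.log in tmp_folder
# Returns:   0 once the captures were started and stopped; 1 on invalid
#            arguments or when no port could be captured
# Security note: the pcap files hold raw packet payloads, which can include
# credentials or session tokens. tmp_folder should be readable only by the
# operator, and the files should be removed once analysed.
function tcp_dump_file() {
    local tmp_folder=${1:-}
    local process_id=${2:-}
    local duration=${3:-120}
    local listening_ports port pid
    local -a capture_pids=()

    if [[ -z $tmp_folder || ! -d $tmp_folder ]]; then
        printf 'tcp_dump_file: output directory not found: "%s"\n' "$tmp_folder" >&2
        return 1
    fi
    # An empty PID must never fall through: it could select every socket.
    if [[ ! $process_id =~ ^[0-9]+$ ]]; then
        printf 'tcp_dump_file: PID must be numeric, got "%s"\n' "$process_id" >&2
        return 1
    fi
    if [[ ! $duration =~ ^[0-9]+$ ]]; then
        printf 'tcp_dump_file: duration must be whole seconds, got "%s"\n' "$duration" >&2
        return 1
    fi

    listening_ports=$(get_listening_ports "$process_id") || return 1

    # Start one capture per port. The "port N" filter matches both TCP and UDP.
    while IFS= read -r port; do
        # Only numeric ports may reach the filter expression and the file name.
        [[ $port =~ ^[0-9]+$ ]] || continue
        echo "抓取端口 $port 的TCP包..."
        nohup tcpdump -i any port "$port" \
            -w "${tmp_folder}/capture_${port}.pcap" \
            >>"${tmp_folder}/capture_${port}.log" 2>&1 &
        # nohup execs tcpdump, so $! is the PID of the capture itself.
        capture_pids+=("$!")
    done <<<"$listening_ports"

    if (( ${#capture_pids[@]} == 0 )); then
        printf 'tcp_dump_file: no listening ports found for PID %s\n' "$process_id" >&2
        return 1
    fi

    sleep "$duration"

    # Stop only the captures started above. A blanket `pkill tcpdump` would
    # also terminate unrelated captures running on the same host.
    for pid in "${capture_pids[@]}"; do
        kill "$pid" 2>/dev/null
    done
    # Reap the children so the pcap files are flushed before returning.
    for pid in "${capture_pids[@]}"; do
        wait "$pid" 2>/dev/null
    done
    return 0
}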